US11886624B2 - Crypto device, integrated circuit and computing device having the same, and writing method thereof - Google Patents

Crypto device, integrated circuit and computing device having the same, and writing method thereof Download PDF

Info

Publication number
US11886624B2
US11886624B2 US17/473,137 US202117473137A US11886624B2 US 11886624 B2 US11886624 B2 US 11886624B2 US 202117473137 A US202117473137 A US 202117473137A US 11886624 B2 US11886624 B2 US 11886624B2
Authority
US
United States
Prior art keywords
data
write
address
version count
circuit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US17/473,137
Other languages
English (en)
Other versions
US20220207192A1 (en
Inventor
Ingoo Heo
Youngwook Noh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Assigned to SAMSUNG ELECTRONICS CO., LTD. reassignment SAMSUNG ELECTRONICS CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEO, INGOO, NOH, YOUNGWOOK
Publication of US20220207192A1 publication Critical patent/US20220207192A1/en
Application granted granted Critical
Publication of US11886624B2 publication Critical patent/US11886624B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/40Bus structure
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/16Handling requests for interconnection or transfer for access to memory bus
    • G06F13/1668Details of memory controller
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/122Hardware reduction or efficient architectures

Definitions

  • the present inventive concepts relate to crypto devices, integrated circuits and computing devices having the same, and writing methods thereof.
  • SoC system on chip
  • SRAM static random access memory
  • version count metadata is read from a memory at each write time, and then, is increased by 1, and a key stream is generated, to perform XOR with the write data, and then, the data is stored.
  • reading metadata should always precede when writing, and the incremented version count metadata should be stored in memory. Therefore, when a write operation is performed, a read operation is always required, thereby increasing the number of memory accesses.
  • Example embodiments provide crypto devices supporting a partial write operation, integrated circuits and computing devices having the same, and writing methods thereof.
  • Example embodiments provide a crypto device improving performance while supporting a partial write operation, an integrated circuit and a computing device having the same, and a writing method thereof.
  • a writing method of a crypto device includes receiving a write request from a central processing unit, determining a write attribute of the write request, and performing one of a partial write operation and a full write operation according to the write attribute.
  • the full write operation includes generating a random number for a version count, generating a key stream using the version count, encrypting write data by performing a first logical operation on the key stream and the write data, and storing the encrypted data and the version count in a memory device.
  • an integrated circuit includes a central processing unit configured to control an overall operation of the integrated circuit, a crypto device circuit configured to receive a write request from the central processing unit and encrypt write data, or receive a read request from the central processing unit and decrypt read data received from a memory device, and a memory controller configured to write the encrypted data to the memory device or read the read data from the memory device according to a request from the crypto device.
  • the crypto device circuit being configured to receive the write request from the central processing unit, determine a write attribute of the write request, and perform one of a partial write operation and a full write operation according to the write attribute, wherein the full write operation includes generating a random number for a version count, generating a key stream using the version count, encrypting write data by performing a logical operation on the key stream and the write data, and storing the encrypted data and the version count in a memory device.
  • a computing device includes a system-on-chip (SoC), and at least one memory device having a first area and a second area.
  • SoC includes at least one central processing unit, a crypto device circuit configured to encrypt write data in response to a write request from the at least one central processing unit, and generate a version count corresponding to the write request, and a memory controller configured to control the at least one memory device to store the version count in the first area and store the encrypted data in the second area.
  • the version count being generated by a random number during a full write operation.
  • a crypto device includes a write attribute analyzer circuit configured to receive a write request from a central processing unit, output a first address and a first control signal for write data, and output a read-modify-write (RMW) activation signal by analyzing a writing operation attribute of the write request, an address generator circuit configured to receive the first address and the first control signal, and output a second address and a second control signal for version count, an address-data scheduler circuit configured to receive the first address and the first control signal from the write attribute analyzer circuit, receive the second address and the second control signal from the address generator circuit, and output a read request or a write request corresponding to a partial write operation or a full write operation according to the RMW activation signal, to a memory controller, a random number generator circuit configured to generate a random number for a new version count when the RMW activation signal indicates an inactive state, an encryption module configured to receive the write data from the write attribute analyzer circuit, generate a key stream corresponding to the version count, encrypt the
  • RMW read
  • FIG. 1 is a diagram illustrating a computing device 10 according to some example embodiments
  • FIG. 2 is a diagram illustrating a crypto device 120 according to some example embodiments
  • FIG. 3 is a diagram illustrating a process of encrypting data of the crypto device 120 according to some example embodiments
  • FIG. 4 is a diagram illustrating data storage in a memory device 200 according to some example embodiments.
  • FIG. 5 is a flowchart illustrating a write operation of an integrated circuit 100 according to some example embodiments
  • FIG. 6 is a flowchart illustrating a partial write operation S 140 according to some example embodiments.
  • FIG. 7 is a flowchart illustrating a write operation S 150 according to some example embodiments as an example
  • FIGS. 8 A and 8 B are drawings illustrating methods of requesting transmission of data and metadata of the crypto device 120 according to some example embodiments
  • FIG. 9 is a diagram illustrating a ladder diagram of a write operation of the computing system 10 according to some example embodiments.
  • FIG. 10 is a diagram illustrating a ladder diagram of a write operation of the computing system 10 according to some example embodiments.
  • FIG. 11 is a ladder diagram for a read operation of the computing system 10 according to some example embodiments.
  • FIG. 12 is a diagram illustrating an encryption process of the crypto device 120 of the computing system 10 according to some example embodiments.
  • FIG. 13 is a diagram illustrating a crypto device 500 according to some example embodiments.
  • FIG. 14 is a diagram schematically illustrating a crypto device 600 according to some example embodiments.
  • FIG. 15 is a diagram illustrating a computing device 20 according to some example embodiments.
  • FIG. 16 is a diagram illustrating a computing device 30 according to some example embodiments.
  • FIG. 17 is a diagram illustrating a computing device 40 according to some example embodiments.
  • FIG. 18 is a diagram illustrating a computing device 50 according to some example embodiments.
  • FIG. 19 is a diagram illustrating a computing system 1000 according to some example embodiments.
  • FIG. 20 is a block diagram schematically illustrating a vehicle control system 2000 according to some example embodiments.
  • FIG. 1 is a diagram illustrating a computing device 10 according to some example embodiments.
  • the computing device 10 may include an integrated circuit 100 (which may also be referred to as a system on a chip or “SoC”) and a memory device 200 .
  • SoC system on a chip
  • the integrated circuit 100 may be implemented to control overall operations of the computing device 10 .
  • the integrated circuit 100 may include at least one central processing unit 110 (CPU), at least one crypto device 120 , and at least one memory controller 130 (MEM CNTL).
  • the central processing unit 110 may be implemented to control the operation of the integrated circuit 100 by driving an operating system.
  • the CPU 110 may be implemented to perform arithmetic logic operations or data processing according to at least one instruction.
  • the CPU 110 may include a program counter, an arithmetic logic unit (ALU), a register, and the like.
  • the crypto device 120 may be implemented to encrypt the data transmitted from the CPU 100 through a bus 101 using an encryption algorithm, or to decrypt the encrypted data transmitted from the memory controller 130 through a bus 102 , using an encryption algorithm.
  • the encryption algorithm may include one or more of Advanced Encryption Standard (AES), Data Encryption Standard (DES), TripleDES, SEED, High security and light weight (HIGHT), ARIA, Lightweight Encryption Algorithm (LEA), and/or the like.
  • the encryption algorithm may perform an encryption/decryption operation in a block encryption mode.
  • the block encryption mode may be a counter (CTR) mode. It should be understood that the block cipher mode according to some example embodiments is not limited thereto.
  • the crypto device 120 may generate a version count VCNT in response to a write request from the central processing unit 110 , generate a stream key using the generated version count VCNT, and encrypt data WD using the stream key.
  • the crypto device 120 may output the encrypted data EWD and the version count VCNT to the memory controller 130 .
  • the crypto device 120 may output a first address corresponding to the encrypted data EWD and a second address corresponding to the version count VCNT to the memory controller 130 .
  • the first address may indicate an encrypted data area 212 (or ‘second memory area’) of the memory device 200
  • the second address may indicate a plain data area 211 (or ‘first memory area’) of the memory device 200 .
  • the crypto device 120 may generate the version count VCNT in different manners according to file properties. For example, when a file property indicates a partial write operation (for example, a read-modify-write (RMW) operation), the version count VCNT first reads a previous version count from the memory device 200 , and then may be incremented by the counter. In some example embodiments, when the file attribute indicates a full write operation, the version count VCNT may be generated by a random number.
  • a file property indicates a partial write operation (for example, a read-modify-write (RMW) operation
  • the version count VCNT when the file attribute indicates a full write operation, the version count VCNT may be generated by a random number.
  • the crypto device 120 may receive the version count VCNT and the encrypted data EWD in response to a read request from the central processing unit 110 , generate a stream key in response to the version count, and decrypt the encrypted data EWD using the stream key.
  • the memory controller 130 may be implemented to control the memory device 200 .
  • the memory controller 130 may receive a write request from the central processing unit 110 and may write the data WD to the plain data area 211 of the memory device 200 .
  • the memory controller 130 receives a read request from the central processing unit 110 and accesses to the plain data area 211 of the memory device 200 , thereby reading data.
  • the memory controller 130 may receive a write request for the encrypted data EWD from the crypto device 120 and may write the encrypted data EWD to the encrypted data area 212 of the memory device 200 . Also, the memory controller 130 may receive a write request for the version count VCNT from the crypto device 120 and may write the version count VCNT to the plain data area 211 of the memory device 200 .
  • the memory controller 130 may receive a read request from the crypto device 120 and read the encrypted data EWD from the encrypted data area 212 of the memory device 200 . Also, the memory controller 130 may receive a read request for the version count VCNT from the crypto device 120 and read the version count VCNT from the plain data area 211 of the memory device 200 .
  • the memory device 200 may be implemented to store data.
  • the data may include encrypted data EWD and plain data.
  • the memory device 200 may include the plain data area 211 and the encrypted data area 212 .
  • the memory device 200 may be implemented as a dynamic random access memory (DRAM), synchronous DRAM (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), low power double data rate (LPDDR) SDRAM, Rambus DRAM (RDRAM), dual in-line memory module (DIMM), nonvolatile DIMM (NVDIMM), phase change random access memory (PRAM), and/or the like.
  • DRAM dynamic random access memory
  • SDRAM synchronous DRAM
  • DDR SDRAM double data rate synchronous dynamic random access memory
  • LPDDR SDRAM low power double data rate SDRAM
  • RDRAM Rambus DRAM
  • DIMM dual in-line memory module
  • NVDIMM nonvolatile DIMM
  • PRAM phase change random access memory
  • a key stream is generated by incrementing the version count by 1, and a key stream and write data are logically operated, thereby performing encryption to be stored in the memory device.
  • a general computing device should always first read the metadata of the memory device during a writing operation, and should store the increased version count in the memory device. This increases the number of memory accesses by always requesting a read operation while performing a write operation.
  • the computing device 10 may allow a partial write operation of the related art, and simultaneously, may generate a version count using a random number during a full write operation, thereby eliminating or reducing unnecessary access of the memory device 200 . Accordingly, the computing device 10 according to some example embodiments of the present inventive concepts may be expected to improve system performance and efficiency.
  • FIG. 2 is a diagram illustrating the crypto device 120 according to some example embodiments.
  • the crypto device 120 may include a main controller 121 , an address-data scheduler 122 , an encryption engine 123 , a write data handler 124 , a decryption engine 125 , a read data handler 126 , a write attribute analyzer 127 , an address generator 128 , and/or a random number generator 129 .
  • Each of the CPU 110 , crypto device 120 , and memory controller 130 , and components, for example, the main controller 121 , address-data scheduler 122 , encryption engine 123 , write data handler 124 , decryption engine 125 , read data handler 126 , write attribute analyzer 127 , address generator 128 , and random number generator 129 , may be embodied by processing circuitry such as hardware including logic circuits; a hardware/software combination executing software; or a combination thereof.
  • the processing circuitry more specifically may include, but is not limited to, one or more of a central processing unit (CPU), a processor core, an arithmetic logic unit (ALU), a digital signal processor, a microprocessor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit, a microprocessor, an application-specific integrated circuit (ASIC), etc.
  • CPU central processing unit
  • ALU arithmetic logic unit
  • ALU a digital signal processor
  • microprocessor a microcomputer
  • FPGA field programmable gate array
  • ASIC application-specific integrated circuit
  • the crypto device 120 and components may also be referred to, in the present specification, as crypto device circuit 120 , address-data scheduler circuit 122 , encryption engine circuit 123 , write data handler circuit 124 , decryption engine circuit 125 , read data handler circuit 126 , write attribute analyzer 127 , address generator 128 , and random number generator 129 .
  • the main controller 121 may be implemented to control overall operations of the crypto device 120 .
  • the main controller 121 may receive a first control signal CTR 1 and a first address ADD 1 for write data WD.
  • the main controller 121 may receive a Read-Modify-Write activation signal RMW EN from the write attribute analyzer 127 , and may output the RMW activation signal RMW EN to the address-data scheduler 122 .
  • the main controller 121 reads a previous version count VCNT (previous) from the memory device 200 (see FIG. 1 ) in response to the RMW activation signal RMW EN, and counts up the previous version count, thereby generating the current version count VCNT (current).
  • the current version count VCNT (current) may be provided to the encryption engine 123 and the write data handler 124 .
  • the main controller 121 may receive the previous version count VCNT (previous)from the read data handler 126 .
  • the address-data scheduler 122 may be implemented to schedule bus transactions related to memory operations (writing/reading operations).
  • the address-data scheduler 122 may be scheduled to write a plurality of encrypted data and metadata (e.g., version count) corresponding thereto, to the memory device 200 , or to read encrypted data and metadata (e.g., version count) from the memory device 200 .
  • the address-data scheduler 122 may receive and a first control signal CTR 1 and a first address ADD 1 for write data from the write attribute analyzer 127 in a writing operation, and a second control signal CTR 2 and a second address ADD 2 for a version count VCNT from the address generator 128 .
  • the address-data scheduler 122 may perform scheduling for a write operation by receiving the RMW activation signal RMW EN from the main controller 121 . Thereafter, the address-data scheduler 122 may output read requests to the memory controller 130 , to read previously encrypted data in response to the RMW activation signal RMW EN in the area 212 (refer to FIG. 1 ) of the memory device 200 corresponding to the first address ADD 1 , and to read the previous version count VCNT (previous) in the area 211 (refer to FIG. 1 ) of the memory device 200 corresponding to the second address ADD 2 in response to the RMW activation signal RMW EN.
  • the address-data scheduler 122 may receive the encrypted data EWD and the current version count VCNT (current) from the write data handler 124 . Thereafter, the address-data scheduler 122 may output the write requests to the memory controller 130 , to write the encrypted data EWD in the area 212 of the memory device 200 corresponding to the first address ADD 1 , and to write the current version count VCNT (current) to the area 211 of the memory device 200 corresponding to the second address ADD 2 .
  • the address-data scheduler 122 may perform scheduling for a write operation without receiving the RMW activation signal RMW EN from the main controller 121 .
  • the address-data scheduler 122 may perform scheduling to perform a write operation immediately without accessing the memory device 200 to obtain the previous data and the previous version count.
  • the address-data scheduler 122 may receive encrypted data EWD and a current version count VCNT (current) from the write data handler 124 .
  • the current version count VCNT (current) is a value generated by the random number generator 129 .
  • the address-data scheduler 122 may output write requests to the memory controller 130 , to write the encrypted data EWD in the area 212 of the memory device 200 corresponding to the first address ADD 1 , and to write the current version count VCNT (current) in the area 211 of the memory device 200 corresponding to the second address ADD 2 .
  • the address-data scheduler 122 may output write requests to the memory controller 130 , to write the encrypted data EWD in the area 212 of the memory device 200 corresponding to the first address ADD 1 , and to write the current version count VCNT (current) in the area 211 of the memory device 200 corresponding to the second address ADD 2 .
  • the address-data scheduler 122 may output the encrypted data EWD/version count VCNT corresponding to the address and control signal for the data/version count, to the memory controller 130 , during a write operation.
  • the address-data scheduler 122 may receive encrypted read data ERD/version count VCNT corresponding to an address and a control signal for data/version count, from the memory controller 130 , during a read operation.
  • the encryption engine 123 may be implemented to generate a key stream corresponding to the version count VCNT based on an encryption algorithm, and to generate the encrypted data EWD by logically calculating the key stream and the write data WD.
  • the encryption algorithm may be an AES algorithm
  • the logical operation may be an XOR operation.
  • the write data handler 124 may be implemented to transmit the encrypted data EWD and the current version count VCNT (current) to the address-data scheduler 122 during a write operation.
  • the current version count VCNT (current) may be one of a value counted up from a previous version count and a value generated by the random number generator 129 according to the property of the write operation.
  • the encryption engine 123 and the write data handler 124 may be collectively referred to as an encryption module.
  • the decryption engine 125 may be implemented to generate a key stream corresponding to the previous version count VCNT (previous) based on an encryption algorithm, and to decrypt the encrypted read data ERD by logically calculating the key stream and the encrypted read data ERD.
  • the encryption algorithm may be an AES algorithm
  • the logical operation may be an XOR operation.
  • the read data handler 126 may be implemented to receive encrypted read data ERD and previous version count VCNT from the address-data scheduler 122 during a read operation. In some example embodiments, the read data handler 126 may transmit a previous version count VCNT (previous) to the main controller 121 during a partial write operation. In some example embodiments, the decryption engine 125 and the read data handler 126 may be collectively referred to as a decryption module.
  • the write attribute analyzer 127 may be implemented to receive a write request, output a first address ADD 1 and a first control signal for data, and analyze a write attribute.
  • the write request may include write data WD, an address ADD, and a control signal CTR.
  • the address ADD may be an address corresponding to the encrypted data area 212 of the memory device 200 .
  • the control signal CTR may include a write strobe signal WSTRB.
  • the write strobe signal WSRTB may be used to indicate a byte of effective write data each time data is transmitted. For example, when performing a write transaction on a 32-bit data bus, a 4-bit write strobe signal WSTRB may be generated. For example, whether each of the four bytes is valid may be determined according to ‘1’ or ‘0’ of the write strobe signal WSTRB. For example, the write attribute analyzer 127 may determine whether it is a partial write operation or a full write operation by analyzing the write strobe signal WSTRB transmitted together with the write data WD.
  • the write attribute analyzer 127 may generate an RMW activation signal RMW EN according to a write attribute. For example, when the write strobe signal WSTRB indicates a partial write operation, the read-modify-write activation signal RMW EN may indicate an activation state.
  • the address generator 128 may be implemented to receive a first address ADD 1 and a first control signal CTR 1 for write data WD and to generate a second address ADD 2 and a second control signal CTR 2 for version count VCNT.
  • the second address ADD 2 may be a memory area allocated to the crypto device 120 .
  • the random number generator 129 may be implemented to generate a random number to generate a version count VCNT under the control of the main controller 121 .
  • the random number may be generated using, for example, thermal noise, shot noise, or meta-stability of a ring oscillator.
  • the crypto device 120 may determine the necessity of performing the RMW operation and the read operation for the version count according to the attribute of the write operation required from the bus, and may perform the RMW operation and read operation according to the determination result. For example, the crypto device 120 may determine whether to perform the RMW operation by determining the attribute of the write operation. In addition, in the case of a full write operation in which the RMW operation is deactivated, the crypto device 120 may perform data encryption only by a write operation without a read operation for the version count through random number generation.
  • FIG. 3 is a diagram illustrating a process of encrypting data of a crypto device 120 according to some example embodiments.
  • the crypto device 120 may generate a key stream for data using a nonce, an address, and a version count VCNT.
  • the size of the nonce may be 64 bits.
  • the size of the address may be 32 bits.
  • the version count VCNT may be 32 bits.
  • the version count VCNT may be generated by being counted up to the previous version count or may be generated by a random number.
  • the size of the key stream may be 128 bits.
  • the key stream may be generated based on a key value and an AES algorithm. For example, the size of the key value may be 128 bits.
  • a plurality of ciphertexts (e.g., encrypted data) may be generated.
  • the size of each of the plurality of plain texts may be 128 bits.
  • the size of each of the ciphertexts may be 128 bits.
  • FIG. 4 is a diagram illustrating data storage in the memory device 200 according to some example embodiments.
  • encrypted data may be stored in the encrypted data area 212 for each cache line.
  • a 128-bit ciphertext may be stored in the encrypted data area 212 .
  • the version count VCNT may be stored in the plain data area 211 .
  • the 27-bit version count may be stored in the plain data area 211 .
  • FIG. 5 is a flowchart illustrating a write operation of the integrated circuit 100 according to some example embodiments. Referring to FIGS. 1 to 5 , a write operation of the integrated circuit 100 may be performed as follows.
  • the central processing unit 110 may transmit a write request to the encryption device 120 .
  • the write request may include write data and an address.
  • the crypto device 120 may receive a write request from the central processing unit 110 (S 110 ).
  • the crypto device 120 may analyze the write attribute of the write request (S 120 ).
  • the crypto device 120 may determine whether the RMW operation is activated (S 130 ).
  • the integrated circuit 100 may perform a partial write operation (S 140 ).
  • the integrated circuit 100 may perform a full write operation (S 150 ).
  • the write request may include write data, a first address, and at least one control signal
  • the at least one control signal may include a write strobe signal WSTRB indicating a byte of valid write data.
  • the write attribute may be determined by analyzing the write strobe signal WSTRB.
  • a second address for storing the version count VCNT in the memory device 200 may be generated.
  • the encrypted data EWD may be stored in the encrypted data area 212 of the memory device 200
  • the version count VCNT may be stored in the plain data area 211 of the memory device 200 .
  • a previous version count and previous data are read from the memory device 200 , a previous key stream is generated using the previous version count, and a logical operation (for example, XOR operation) on the previous key stream and the previous data is performed to decrypt.
  • a new version count is generated by counting up the previous version count
  • a new key stream is generated using the new version count
  • the decrypted data is modulated using write data
  • the modulated data are encrypted by performing a logical operation on the new key stream and the modulated data.
  • the encrypted data and the new version count may be stored in the memory device 200 .
  • a read request for metadata having a version count and data may be transmitted to the memory device 200 . Thereafter, a plurality of consecutive data and metadata corresponding to a read request may be received from the memory device 200 .
  • the address-data scheduler 122 may request merge transmission of metadata for efficient use of the bus.
  • FIG. 6 is a flowchart illustrating the partial write operation S 140 according to some example embodiments.
  • the partial write operation may be performed as follows.
  • the crypto device 120 may read the previous version count VCNT (previous) from the memory device 200 for the partial write operation (S 141 ).
  • the crypto device 120 may generate a previous stream key using the previous version count VCNT (previous) (S 142 ).
  • the crypto device 120 may read data corresponding to the write address from the memory device 200 (S 143 ).
  • the crypto device 120 may decrypt the read data using the previous stream key (S 144 ).
  • the crypto device 120 may modulate the decrypted data into write data (S 145 ).
  • the version count VCNT may be incremented (S 146 ). For example, it may be counted up from the previous version count VCNT (previous). Thereafter, the crypto device 120 may generate a stream key using the incremented version count VCNT (S 147 ). The crypto device 120 may encrypt the modulated data using the generated stream key (S 148 ). Thereafter, the crypto device 120 may request the memory controller 130 to store the encrypted data and the generated version count VCNT in the memory device 200 (S 149 ).
  • FIG. 7 is a flowchart illustrating an example of the write operation (S 150 ) according to some example embodiments. Referring to FIGS. 1 to 7 , the full write operation may be performed as follows.
  • the crypto device 120 may generate a random number for generating a version count (S 151 ).
  • the crypto device 120 may generate a key stream using the version count VCNT corresponding to the random number (S 152 ).
  • the crypto device 120 may encrypt the write data WD using the generated key stream (S 153 ).
  • the crypto device 120 may request the memory controller 130 to store the encrypted data and version count VCNT in the memory device 200 (S 154 ).
  • FIGS. 8 A and 8 B are views illustrating examples of methods of requesting transmission of data and metadata in the crypto device 120 according to some example embodiments.
  • the address-data scheduler 122 of the crypto device 120 may perform a first read request for one meta-data corresponding to one continuous data.
  • the memory device 200 may output one metadata and corresponding continuous data.
  • the address-data scheduler 122 of the crypto device 120 may perform a second read request for a plurality of meta-data corresponding to a plurality of consecutive data.
  • the memory device 200 may output a plurality of metadata and corresponding continuous data. Accordingly, the address-data scheduler 122 may transmit a merge transfer request for meta-data to the memory controller 120 , to efficiently use the bus.
  • FIG. 9 is a diagram illustrating a ladder diagram of a write operation of a computing system 10 according to some example embodiments. Referring to FIGS. 1 to 9 , the write operation of the computing system may proceed as follows.
  • the central processing unit CPU may transmit a write request for a partial write operation to the crypto device 120 (S 10 ). Whether or not the partial write operation is performed may be known by checking the write strobe signal WSTB transmitted together with the write data WD.
  • the crypto device 120 may request a previous version count VCNT (previous) from the memory controller MEM CNTL (S 11 - 1 ).
  • the memory controller MEM CNTL may request a previous version count VCNT (previous) from the memory device MEM using the address ADD 2 (S 11 - 2 ).
  • the address ADD 2 may be received from the address-data scheduler 122 of the crypto device 120 .
  • the memory device MEM may read the previous version count VCNT (previous) by accessing the memory area 211 corresponding to the address ADD 2 , and may output the read previous version count VCNT (previous) to the memory controller MEM CNTL (S 12 - 1 ).
  • the memory controller MEM CNTL may transmit the previous version count VCNT (previous) to the crypto device 120 (S 12 - 2 ).
  • the crypto device 120 may receive the previous version count VCNT (previous) and generate a key stream using an encryption algorithm (S 13 ). Thereafter, the crypto device 120 transmits a read request for the previously encrypted data ERD to the memory controller MEM CNTL (S 14 - 1 ), and the memory controller MEM CNTL may transmit a read request for previously encrypted data ERD accessing the memory area 212 corresponding to the address ADD 1 , to the memory device MEM (S 14 - 2 ). The memory device MEM may read the previously encrypted data ERD by accessing the memory area 212 corresponding to the address ADD 1 and may output the read previously-encrypted data ERD to the memory controller MEM CNTL (S 15 - 1 ). The memory controller MEM CNTL may transmit the previously encrypted data ERD to the crypto device 120 (S 15 - 2 ).
  • the crypto device 120 may decrypt previously encrypted data ERD using the previous stream key (S 16 - 1 ).
  • the crypto device 120 may partially modulate the decrypted data RD using the write data WD (S 16 - 2 ). Thereafter, the crypto device 120 may generate a current version count VCNT (current) by counting up a previous version count VCNT (previous) (S 16 - 3 ).
  • the crypto device 120 may generate a key stream using the current version count VCNT (current) (S 16 - 4 ). Thereafter, the crypto device 120 may encrypt the modulated data by performing a logical operation (e.g., XOR operation) on the modulated data and the key stream (S 16 - 5 ).
  • a logical operation e.g., XOR operation
  • the crypto device 120 may transmit encrypted data EWD and the current version count VCNT (current) to the memory controller MEM CNTL (S 17 ).
  • the memory controller MEM CNTL may transmit a first write request to the memory device MEM to write the encrypted data EWD in the memory area 212 corresponding to the first address ADD 1 (S 18 - 1 ).
  • the memory controller MEM CNTL may transmit a second write request to the memory device MEM to write meta-data having a version count in the memory area 211 corresponding to the second address ADD 2 (S 18 - 2 ).
  • the second write request is transmitted after transmitting the first write request, it will be understood that the present inventive concepts are not limited thereto.
  • the memory device MEM may receive the first and second write requests and store encrypted data EWD and a corresponding current version count VCNT (current) in each of the corresponding regions 212 and 211 .
  • FIG. 10 is a diagram illustrating a ladder diagram of a write operation of the computing system 10 according to some example embodiments of the present inventive concept. Referring to FIGS. 1 to 10 , the write operation of the computing system 10 may be performed as follows.
  • the central processing unit CPU may transmit a write request to the crypto device 120 (S 20 ).
  • the write request may include information indicating the full write operation.
  • the crypto device 120 may receive a write request, analyze the attribute of the write operation, and request the random number generator 129 to generate a random number when instructing the full write operation as a result of the analysis (S 21 ).
  • the random number generator 129 may generate a random number for a version count VCNT for an encryption operation.
  • the generated random number may be the version count VCNT.
  • the version count VCNT may be generated using the generated random number.
  • the crypto device 120 may generate a key stream using the version count VCNT and encrypt the write data by logically calculating the write data using the generated key stream (S 22 ).
  • the crypto device 120 may transmit the encrypted data EWD and the corresponding version count VCNT to the memory controller MEM CNTL (S 23 ).
  • the memory controller MEM CNTL may transmit a first write request to the memory device MEM to write the encrypted data EWD in the memory area 212 corresponding to the first address ADD 1 (S 24 - 1 ).
  • the memory controller MEM CNTL may transmit a second write request to the memory device MEM to write metadata having a version count VCNT in the memory area 211 corresponding to the second address ADD 2 (S 24 - 2 ).
  • a version count VCNT using a random number may be immediately generated without a read request from the memory device MEM in the case of a full write operation, and a key stream may be generated using the generated version count VCNT, and the encrypted data WD and the version count VCNT may be written to the memory device MEM using the generated key stream.
  • FIG. 11 is a diagram illustrating a ladder diagram for a read operation of the computing system 10 according to some example embodiments. Referring to FIGS. 1 to 11 , a read operation of the computing system 10 may be performed as follows.
  • the central processing unit CPU may transmit a read request to the crypto device 120 (S 30 ).
  • the read request may include an address ADD for an area in which read data is stored.
  • the crypto device 120 may request a version count VCNT from the memory controller MEM CNTL (S 31 - 1 ).
  • the memory controller MEM CNTL may request the version count VCNT from the memory device MEM using the second address ADD 2 corresponding to the address ADD (S 31 - 2 ).
  • the second address ADD 2 corresponds to the address ADD and may be generated from the address generator 128 of the crypto device 120 .
  • the memory device MEM may read the version count VCNT by accessing the memory area 211 corresponding to the second address ADD 2 and output the read version count VCNT to the memory controller MEM CNTL (S 32 - 1 ).
  • the memory controller MEM CNTL may transmit the version count VCNT to the crypto device 120 (S 32 - 2 ).
  • the crypto device 120 may receive the version count VCNT, and may generate a key stream using an encryption algorithm (S 33 ). Thereafter, the crypto device 120 transmits a read request for the encrypted data ERD to the memory controller MEM CNTL (S 34 - 1 ), and the memory controller MEM CNTL may transmit a read request for the encrypted data ERD to the memory device MEM, to access the memory area 212 using the first address ADD 1 corresponding to the address ADD (S 34 - 2 ).
  • the memory device MEM may read the encrypted data ERD by accessing the memory area 212 corresponding to the first address ADD 1 and output the read encrypted data ERD to the memory controller MEM CNTL (S 35 - 1 ).
  • the memory controller MEM CNTL may transmit the encrypted data ERD to the crypto device 120 (S 35 - 2 ).
  • the crypto device 120 may decrypt the encrypted data ERD using the stream key (S 36 ).
  • the crypto device 120 may transmit decrypted data RD to the central processing unit CPU (S 37 ).
  • the crypto device may perform an error correction code (ECC) encoding/decoding operation to improve the reliability of data.
  • ECC error correction code
  • FIG. 12 is a diagram illustrating an example of an encryption process of the crypto device 120 of the computing system 10 according to some example embodiments.
  • FIG. 12 when data is encrypted and stored in the memory device 200 , it is necessary (or desired) to read a previous version count stored in the memory device 200 as illustrated in FIG. 3 .
  • a read operation for metadata for stored encrypted data and ECC data may be performed.
  • a 128-bit key stream used for an encryption operation (e.g., an encryption operation using an AES algorithm) for data may be generated using a 69-bit nonce, a 32-bit address (e.g., the second address ADD 2 ), and a 27-bit version count VCNT.
  • Encryption data (Ciphertext) may be generated through a logical operation (e.g., an XOR operation) using 128-bit original data (Plaintext) and a 128-bit key stream.
  • MAC Message Authentication Code
  • the encryption operation and the ECC encoding operation of the crypto device may proceed as follows. For example, the encryption operation of first to fourth data will be described. Metadata and ECC data may be read from the memory device 200 . Metadata may be extracted through an ECC decoding operation. The metadata may include version count VCNT and ECC data. Thereafter, a key stream generation operation may be performed using the version count. Also, an encryption operation using a key stream may be performed. An ECC encoding operation is performed on the first encrypted data, and the first encrypted data may be stored in the memory device 200 . Similarly, an ECC encoding operation for the second encrypted data may be performed, and the second encrypted data may be stored in the memory device 200 .
  • an ECC encoding operation for the third encrypted data may be performed and the third encrypted data may be stored in the memory device 200 .
  • the ECC encoding operation for the fourth encrypted data may be performed, and the fourth encrypted data may be stored in the memory device 200 .
  • a MAC may be generated through a MAC operation using encrypted data.
  • An ECC encoding operation may be performed on metadata including a version count and MAC.
  • the generated metadata and ECC data may be stored in the memory device 200 .
  • FIG. 13 is a diagram illustrating a crypto device 500 according to some example embodiments.
  • the crypto device 500 may include a random number generator 501 , a main controller 510 , an address generator 520 , an encryption and ECC encoding module 530 , and an address-data scheduler 540 .
  • the random number generator 501 may be implemented to generate a random number for the version count VCNT when the RMW operation is not performed as described in FIGS. 1 to 12 .
  • the main controller 510 may control overall operations of the crypto device 500 .
  • the encryption and ECC encoding module 530 may include an encryption engine 531 , a MAC generator 532 and an ECC encoder 533 .
  • whether or not the data is encrypted may be determined by the crypto device 500 or a system-on-chip (SoC) including the crypto device 500 .
  • SoC system-on-chip
  • information Info_EN indicating whether to encrypt data in a write operation may be provided to the main controller 510 .
  • the main controller 510 may control the operation of the encryption and ECC encoding module 530 based on the information Info_EN.
  • the encryption engine 531 may encrypt the first data DATA 1 , provide the encrypted data to the MAC generator 532 , and also provide encrypted data and metadata (e.g., version count VCNT) to the ECC encoder 533 .
  • the MAC from the MAC generator 532 may be provided to the ECC encoder 533 , as metadata.
  • the ECC encoder 533 may generate first ECC data for encrypted data and second ECC data for metadata.
  • the ECC encoder 533 may generate ECC data for the second data DATA 2 without performing an encryption operation on the second data DATA 2 .
  • the main controller 510 may control the operation of the address generator 520 based on the information Info_EN.
  • the address generator 520 may calculate a second address using an address related to storage of the first and second data DATA 1 and DATA 2 . Also, the address generator 520 may calculate a second address ADD 2 _ 1 for storing metadata and ECC data in relation to the first data DATA 1 . Also, the address generator 520 may calculate a second address ADD 2 _ 2 for storing ECC data related to the second data DATA 2 . Data and addresses generated as described above may be provided to the address-data scheduler 540 .
  • the address generator 520 may perform an address generation operation to have information for storing more data.
  • the address generator 520 may perform an address generation operation to have information for storing relatively small data. Accordingly, when the encryption operation is not performed, ECC data related to more data may be stored in the same row or column of the memory.
  • the address-data scheduler 540 may control an order of outputting addresses or data.
  • the address-data scheduler 540 outputs a relatively large number of data and addresses corresponding thereto, and then, may perform scheduling such that ECC data related to the plurality of data may be collectively provided to the memory.
  • FIG. 14 is a diagram schematically illustrating a crypto device 600 according to some example embodiments.
  • the crypto device 600 may include a random number generator 601 , a main controller 610 , an address generator 620 , an encryption and ECC encoding module 630 , and a decryption and ECC decoding module 640 .
  • the random number generator 601 may be implemented to generate a random number for the version count VCNT when the RMW operation is not performed, as described in FIGS. 1 to 12 .
  • the main controller 610 may control overall operations of the crypto device 600 .
  • an algorithm used for an encryption/decryption operation and an algorithm used for an ECC operation may be selected based on the control of the crypto device 600 or a system-on-chip including the crypto device 600 .
  • the size of metadata may vary depending on an algorithm used for an encryption/decryption operation and an algorithm used for an ECC operation.
  • the size of ECC data may vary.
  • the main controller 610 may provide encryption algorithm information Algo_EN and ECC encoding algorithm information Algo_ECC_E to the encryption and ECC encoding module 630 .
  • the main controller 610 may provide decrypting algorithm information Algo_DE and ECC decoding algorithm information Algo_ECC_D to the decryption and ECC decoding module 640 .
  • the main controller 610 may provide information Info_size related to the size of additional data generated in the encryption operation and the ECC operation according to the selected algorithm, to the address generator 620 .
  • the address generator 620 may further refer to the information Info_size when generating the second address. For example, when additional data having a relatively large first size is generated for the first data and additional data having a relatively small second size is generated for the second data, the address generator 620 may generate second addresses ADD 2 _ 1 and ADD 2 _ 2 for generating additional data of different magnitudes, respectively. For example, when the magnitude of the additional data is small, metadata and ECC data may be stored in a relatively small number of rows or columns.
  • additional data (metadata and ECC data) related to more data may be stored in the same row or column of the memory.
  • the scheduling operation of the address-data scheduler may vary based on the magnitude of the additional data.
  • the computing device may include a plurality of memory channels.
  • FIG. 15 is a diagram illustrating a computing device 20 according to some example embodiments.
  • the computing device 20 may include an SoC 1500 connected to memory devices 201 , 202 , etc., through a plurality of memory channels 131 , 132 , etc., (e.g., four channels), compared with the computing device 10 illustrated in FIG. 1 .
  • the crypto device 121 is connected to a corresponding memory controller 131 , 132 , etc. (also, MEM CNTL) through a bus 1502 , and is further connected to a CPU 111 though a bus 1501 .
  • a corresponding memory controller 131 , 132 , etc. also, MEM CNTL
  • the present inventive concepts need not be limited thereto.
  • the crypto device 121 in some example embodiments of the present inventive concepts may be disposed between the bus and the memory controller.
  • FIG. 16 is a diagram illustrating a computing device 30 according to some example embodiments.
  • the computing device 30 may include a SoC 1700 including a CPU 112 , and crypto devices 125 , 126 , 127 , 128 , etc., disposed between buses 1601 and 1602 and memory controllers 135 , 136 , etc. (also, MEM CNTL), the SoC 1700 connected to memory devices 205 , 206 , 207 , 208 , etc. by the memory controllers 135 , 136 , etc. compared to that illustrated in FIG. 15 .
  • SoC 1700 including a CPU 112 , and crypto devices 125 , 126 , 127 , 128 , etc., disposed between buses 1601 and 1602 and memory controllers 135 , 136 , etc. (also, MEM CNTL), the SoC 1700 connected to memory devices 205 , 206 , 207 , 208 , etc. by the memory controllers 135 ,
  • FIG. 16 similar to FIG. 1 , two buses 1601 and 1602 are illustrated inside the SoC. However, the number of buses of the present inventive concepts are not limited thereto.
  • the SoC according to some example embodiments may be implemented with one bus.
  • FIG. 17 is a diagram illustrating a computing device 40 according to some example embodiments.
  • the computing device 40 may include a plurality of Intellectual Properties IPs and a crypto device connected to one bus.
  • the crypto device may provide an encryption operation or a decryption operation in an on-the-fly method. As described in FIGS. 1 to 14 , the crypto device may improve the performance of the encryption operation by generating version counts in different manners according to the attributes of the write operation.
  • FIG. 17 illustrates a structure in which one crypto device is connected to one bus.
  • the structure of the present inventive concepts are not limited thereto.
  • the crypto device corresponding to the respective memory channels may be connected to one bus.
  • FIG. 18 is a diagram illustrating a computing device 50 according to some example embodiments.
  • the computing device 50 has crypto devices that are disposed between the bus and the DRAM controllers, compared to that illustrated in FIG. 17 .
  • a computing system may further include Intellectual Properties (IPs) performing various functions.
  • IPs Intellectual Properties
  • FIG. 19 is a diagram illustrating a computing system 1000 according to some example embodiments.
  • the computing system 1000 may include a system-on-chip SOC 1100 and a plurality of DRAMs 1210 , 1220 , 1230 , 1240 , etc.
  • the SoC may include a CPU, a crypto device, DRAM hardware, DRAM controllers, an internal SRAM (iRAM), an internal ROM (iROM), a Graphics Processing Unit (GPU), a multimedia chip, a Direct Memory Access (DMA) chip, a modem, and/or a Global Navigation Satellite System (GNSS) chip.
  • a CPU central processing unit
  • a crypto device DRAM hardware
  • DRAM controllers DRAM hardware
  • iRAM internal SRAM
  • iROM internal ROM
  • iROM internal ROM
  • GPU Graphics Processing Unit
  • multimedia chip a Direct Memory Access (DMA) chip
  • DMA Direct Memory Access
  • modem a modem
  • GNSS Global Navigation Satellite System
  • the internal RAM may be implemented to temporarily store data necessary for the operation of the CPU.
  • the internal RAM may be implemented with Synchronous Random Access Memory (SRAM).
  • the internal ROM may be implemented to store operating system/program-related code (instruction) of the CPU.
  • the internal ROM may be implemented as a non-volatile memory.
  • the GPU may be a chip for processing exclusively for graphics.
  • the multimedia chip may be a chip for exclusively processing multimedia data.
  • the DMA chip may be implemented to directly access DRAMs without going through the CPU.
  • the modem may be implemented to perform wired or wireless communication with the outside.
  • the GNSS chip may be implemented to receive satellite navigation data and determine the location of the computing system.
  • At least one of the IPs illustrated in FIG. 19 may be omitted or at least one IP not illustrated in FIG. 19 may be added. It also should be understood that in the SOC according to some example embodiments of the present inventive concept, at least two of the IPs illustrated in FIG. 19 may be implemented in one chip.
  • FIG. 20 is a block diagram schematically illustrating a vehicle control system 2000 according to some example embodiments.
  • the vehicle control system 2000 for autonomous driving may include a sensor information collecting device 2100 , a navigation information collecting device 2200 , an electronic control unit (ECU) 2300 for autonomous driving, and a central processing unit 2400 and a memory device 2500 .
  • the electronic control unit 2300 for autonomous driving may include a neural network device 2310 and a crypto device 2320 .
  • the crypto device 2320 may be implemented with the crypto device described in FIGS. 1 to 14 .
  • the neural network device 2310 may perform a neural network operation using various image information and voice information, and may generate information signals such as an image recognition result and a voice recognition result based on the execution result.
  • the sensor information collecting device 2100 may include devices capable of collecting various image information and audio information, such as a camera or a microphone, and may provide the same to the electronic control unit 2300 for autonomous driving.
  • the navigation information collection device 2200 may provide various types of information (e.g., location information, etc.) related to vehicle operation to the electronic control unit 2300 for autonomous driving.
  • the neural network device 2310 may generate an information signal by receiving information from the sensor information collecting device 2100 or the navigation information collecting device 2200 and thus executing various types of neural network models.
  • the crypto device 2320 of the autonomous driving module 2300 may perform a decryption operation and an ECC operation, as security processing for voice data or image data from the sensor information collecting device 2100 .
  • the crypto device 2320 may store encrypted data and metadata/ECC data in the memory device 2500 .
  • FIG. 20 an example in which some example embodiments of the present inventive concepts are applied to an autonomous driving system is described, but example embodiments of the present inventive concepts may be applied to products requiring a security function for a camera sensor, such as IoT, a surveillance camera, and/or the like.
  • a camera sensor such as IoT, a surveillance camera, and/or the like.
  • incrementing the version count value is to generate a different key stream for each write in terms of confidentiality, and is to record the time at which write is performed in terms of countermeasures against replay attacks.
  • the version count does not necessarily have to be a value that increases monotonically, and there is no security problem if the value changes at every write. Therefore, in a system that considers only confidentiality, it is not necessary to read the version count from the memory when writing, and one random number is generated through a random number generator interlocked with an encryption device, and then a key stream is generated using the same, thereby obtaining the same effect as that of the version counter.
  • the techniques and apparatuses in the present inventive concepts may selectively generate a read operation for the version count value depending on whether or not an RMW operation is required in an environment where a different encryption result is required each time a write operation is performed, due to the importance of data confidence.
  • performance may be improved while securing the same level of security by only a write operation without a read operation for securing the version count.
  • a write attribute may be determined, and version counts may be generated in different manners depending on the write attribute, thereby significantly reducing access to a memory device.
  • a system-on-chip having the same, and a writing method thereof may exhibit optimal or improved performance while supporting a partial write operation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
US17/473,137 2020-12-28 2021-09-13 Crypto device, integrated circuit and computing device having the same, and writing method thereof Active 2042-03-25 US11886624B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2020-0184616 2020-12-28
KR1020200184616A KR20220093664A (ko) 2020-12-28 2020-12-28 크립토 장치, 그것을 갖는 집적 회로 및 컴퓨팅 장치, 및 그것의 쓰기 방법

Publications (2)

Publication Number Publication Date
US20220207192A1 US20220207192A1 (en) 2022-06-30
US11886624B2 true US11886624B2 (en) 2024-01-30

Family

ID=82119347

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/473,137 Active 2042-03-25 US11886624B2 (en) 2020-12-28 2021-09-13 Crypto device, integrated circuit and computing device having the same, and writing method thereof

Country Status (2)

Country Link
US (1) US11886624B2 (ko)
KR (1) KR20220093664A (ko)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11677541B2 (en) * 2021-10-12 2023-06-13 Nxp B.V. Method and device for secure code execution from external memory

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120191984A1 (en) 2011-01-21 2012-07-26 Shigeo Ohyama Data encryption device and memory card
JP2013167740A (ja) 2012-02-15 2013-08-29 Nec Corp 暗号化装置、暗号化方法および暗号化プログラム
US20140223197A1 (en) 2011-06-29 2014-08-07 Shay Gueron Method and apparatus for memory encryption with integrity check and protection against replay attacks
US8880898B2 (en) 2006-04-24 2014-11-04 Telefonaktiebolaget L M Ericsson (Publ) Anti-roll-back mechanism for counter
US20160182223A1 (en) * 2014-12-23 2016-06-23 Eugene M. Kishinevsky Encryption Interface
US20160364343A1 (en) * 2015-06-10 2016-12-15 Freescale Semiconductor, Inc. Systems and methods for data encryption
US9904805B2 (en) 2015-09-23 2018-02-27 Intel Corporation Cryptographic cache lines for a trusted execution environment
US10108557B2 (en) 2015-06-25 2018-10-23 Intel Corporation Technologies for memory confidentiality, integrity, and replay protection
US20190050347A1 (en) * 2018-07-25 2019-02-14 Intel Corporation Memory data protection based on authenticated encryption
US20190073319A1 (en) 2017-08-08 2019-03-07 C-Sky Microsystems Co., Ltd. Storage data encryption and decryption apparatus and method
US20190238312A1 (en) 2018-02-01 2019-08-01 The University Of Chicago Stream Ciphers for Digital Storage Encryption

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8880898B2 (en) 2006-04-24 2014-11-04 Telefonaktiebolaget L M Ericsson (Publ) Anti-roll-back mechanism for counter
US20120191984A1 (en) 2011-01-21 2012-07-26 Shigeo Ohyama Data encryption device and memory card
JP2012151805A (ja) 2011-01-21 2012-08-09 Sharp Corp データ暗号化装置、及び、メモリカード
US20140223197A1 (en) 2011-06-29 2014-08-07 Shay Gueron Method and apparatus for memory encryption with integrity check and protection against replay attacks
JP2013167740A (ja) 2012-02-15 2013-08-29 Nec Corp 暗号化装置、暗号化方法および暗号化プログラム
US20160182223A1 (en) * 2014-12-23 2016-06-23 Eugene M. Kishinevsky Encryption Interface
US20160364343A1 (en) * 2015-06-10 2016-12-15 Freescale Semiconductor, Inc. Systems and methods for data encryption
US10108557B2 (en) 2015-06-25 2018-10-23 Intel Corporation Technologies for memory confidentiality, integrity, and replay protection
US9904805B2 (en) 2015-09-23 2018-02-27 Intel Corporation Cryptographic cache lines for a trusted execution environment
US20190073319A1 (en) 2017-08-08 2019-03-07 C-Sky Microsystems Co., Ltd. Storage data encryption and decryption apparatus and method
US20190238312A1 (en) 2018-02-01 2019-08-01 The University Of Chicago Stream Ciphers for Digital Storage Encryption
US20190050347A1 (en) * 2018-07-25 2019-02-14 Intel Corporation Memory data protection based on authenticated encryption

Also Published As

Publication number Publication date
KR20220093664A (ko) 2022-07-05
US20220207192A1 (en) 2022-06-30

Similar Documents

Publication Publication Date Title
US11231991B2 (en) System on chip and memory system including security processor with improved memory use efficiency and method of operating system on chip
US11088846B2 (en) Key rotating trees with split counters for efficient hardware replay protection
US7472285B2 (en) Apparatus and method for memory encryption with reduced decryption latency
US20190384939A1 (en) Data Protection Device and Method and Storage Controller
US20070067644A1 (en) Memory control unit implementing a rotating-key encryption algorithm
US8954751B2 (en) Secure memory control parameters in table look aside buffer data fields and support memory array
US10896267B2 (en) Input/output data encryption
US20070050642A1 (en) Memory control unit with configurable memory encryption
WO2019109967A1 (en) Storage apparatus and method for address scrambling
US20090187771A1 (en) Secure data storage with key update to prevent replay attacks
US20130145177A1 (en) Memory location specific data encryption key
WO2017045484A1 (zh) 一种基于xts-sm4的存储加解密方法及装置
US8467534B2 (en) Method and system for secure access and processing of an encryption/decryption key
CN112887077B (zh) 一种ssd主控芯片随机缓存保密方法和电路
US20060015753A1 (en) Internal RAM for integrity check values
US20210006391A1 (en) Data processing method, circuit, terminal device and storage medium
US20210004495A1 (en) Method and apparatus for encrypting and decrypting data on an integrated circuit
US11216592B2 (en) Dynamic cryptographic key expansion
EP4083842B1 (en) Inline encryption/decryption for a memory controller
US11886624B2 (en) Crypto device, integrated circuit and computing device having the same, and writing method thereof
CN112948840A (zh) 一种访问控制设备和包含该设备的处理器
CN213876729U (zh) 一种ssd主控芯片随机缓存保密电路
US11288406B1 (en) Fast XOR interface with processor and memory
CN114969794A (zh) SoC系统及数据加密方法
US11636046B1 (en) Latency free data encryption and decryption between processor and memory

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HEO, INGOO;NOH, YOUNGWOOK;REEL/FRAME:057487/0889

Effective date: 20210702

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE